What will happen if https traffic goes through the WAF?

Asked Jun 16 '21 at 14:11

Active Jun 16 '21 at 14:32

Viewed 186 times

A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-Site Scripting (XSS) and SQL Injection.

So from what I understand, this will handle only HTTP. What will happen if HTTPS traffic goes through the WAF?

Does it reduce the request time? or are there any performance issues?

edited Jun 16 '21 at 14:27

schroeder

123,438
55
284
319

asked Jun 16 '21 at 14:11

Sivanathan Prasath

1

Is your question about performance or security? – schroeder Jun 16 '21 at 14:28
I want to know, is it reduce the performance? – Sivanathan Prasath Jun 16 '21 at 14:58
That's not a security question, then. – schroeder Jun 16 '21 at 15:51
I can see that the statement ```...is an application firewall for HTTP applications``` can be confusing. In my opinion it would have been better to use the term web applications and leave the protocol out of it. – Jeroen Jun 16 '21 at 16:06
1

Adding any security filtering will negatively impact performance. Especially at the application layer. – user2320464 Jun 16 '21 at 16:46
@user2320464 ,but waf only work with http, so what will happen for the https request? – Sivanathan Prasath Jun 17 '21 at 02:21
Have a look at [this short read](https://www.loadbalancer.org/blog/secure-connections-encrypt-traffic-when-using-a-waf/). – user2320464 Jun 18 '21 at 18:08

What will happen if https traffic goes through the WAF?

0 Answers0